omniauth-shootproof 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ad3161147032c70da2f50db9f0898b357c1e13c9
+  data.tar.gz: 64da2bc0e6684fbd88317ffb55ea28bb818f465c
+SHA512:
+  metadata.gz: f93fc70cbbb3026e2826b595c4808e511ab03ec078fa6740e5c9eb3fc0a7413d44605114a18a5472064c43d441aa4425aa692cbdbb5e9b137765c79a91395e91
+  data.tar.gz: f24ef35ba36f9b780a784b1f26f37a2005ef5be6e56e9ce5c31f30f1a5b8b7a921fb820119045caa576048d9ace5216af6b3840fe2aebaba819b70e3137b300d

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.ruby-version
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.swp

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format=progress

data/.travis.yml

@@ -0,0 +1,23 @@
+before_install: gem install bundler
+env:
+  global:
+    - JRUBY_OPTS="$JRUBY_OPTS --debug"
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.3
+  - 2.0.0
+  - 2.1
+  - 2.2
+  - 2.3
+  - jruby-18mode
+  - jruby-19mode
+  - jruby-head
+  - rbx-2
+  - ruby-head
+matrix:
+  allow_failures:
+    - rvm: jruby-head
+    - rvm: ruby-head
+  fast_finish: true
+sudo: false

data/Gemfile

@@ -0,0 +1,16 @@
+source "http://rubygems.org"
+
+gem "rake"
+
+group :test do
+  gem "json", :platforms => [:jruby, :ruby_18, :ruby_19]
+  gem "mime-types", "~> 1.25", :platforms => [:jruby, :ruby_18]
+  gem "rack-test"
+  gem "rest-client", "~> 1.6.0", :platforms => [:jruby, :ruby_18]
+  gem "rspec", "~> 3.2"
+  gem "rubocop", ">= 0.30", :platforms => [:ruby_19, :ruby_20, :ruby_21, :ruby_22]
+  gem "webmock"
+end
+
+# Specify your gem's dependencies in omniauth-shootproof.gemspec
+gemspec

data/LICENSE.md

@@ -0,0 +1,19 @@
+Copyright (C) 2017 Paul Scarrone, Gary Newsome, and SavvySoftWorks LLC.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,44 @@
+# OmniAuth Shootproof
+### Based off OmniAuth OAuth2
+
+[![Gem Version](http://img.shields.io/gem/v/omniauth-shootproof.svg)][gem]
+[![Build Status](https://travis-ci.org/SavvySoftWorksLLC/omniauth-shootproof.svg?branch=master)](https://travis-ci.org/SavvySoftWorksLLC/omniauth-shootproof)
+[![Dependency Status](http://img.shields.io/gemnasium/SavvySoftWorksLLC/omniauth-shootproof.svg)][gemnasium]
+
+[gem]: https://rubygems.org/gems/omniauth-shootproof
+[travis]: http://travis-ci.org/SavvySoftWorksLLC/omniauth-shootproof
+[gemnasium]:https://gemnasium.com/github.com/SavvySoftWorksLLC/omniauth-shootproof
+
+This gem contains an OmniAuth strategy for Shootproof. It relies on the OAuth2 and OmniAuth-OAuth2 gems. Shootproof API does not conform exactly to the standard set forth with the base OAuth2 Client so some changes include:
+- Access Tokens require the same params as the original Authorization request. The confusing part is the Token request is required POST so query string params are not included by default.
+- The Access token requires the `redirect_uri` to match the `callback_url` from the Authorization request. Omniauth by default provides the query params from the Authorization callback in future `redirect_uri` params. This will no longer match so the query string is ditched.
+- The Authorization endpoint does not pass-through any params os CSRF protection using the `state` param is not possible.
+
+## Configuring the Shootproof Strategy
+
+```ruby
+
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :shootproof, <SHOOTPROOF_APP_ID>, 
+    scope: 'sp.event.get_list sp.event.get_photos sp.photo.info'
+end
+```
+That's pretty much it!
+
+Like normal you will have to interpret the authenticaion response in your OmniAUth Session Controller.
+
+The `info` response will contain the following hash
+```
+{
+  token: <ACCESS TOKEN>,
+  refresh_token: <REFRESH TOKEN>,
+  expires_at: <WHEN THE TOKEN AND REFRESH EXPIRE>,
+  expires_in: <TIME LEFT UNTIL EXPIRATION>
+}
+```
+
+For convenience the `uid` will be populated with the Access Token
+
+Paul Scarrone paul@savvysoftworks.com
+Gary Newsome gary@savvysoftworks.com
+SavvySoftWorks LLC.

data/Rakefile

@@ -0,0 +1,18 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :test => :spec
+
+begin
+  require "rubocop/rake_task"
+  RuboCop::RakeTask.new
+rescue LoadError
+  task :rubocop do
+    $stderr.puts "RuboCop is disabled"
+  end
+end
+
+task :default => [:spec, :rubocop]

data/lib/omniauth-shootproof.rb

@@ -0,0 +1,3 @@
+require "omniauth-oauth2/version" # rubocop:disable FileName
+require "omniauth/strategies/shootproof"
+require "omniauth/shootproof/client"

data/lib/omniauth-shootproof/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Shootproof
+    VERSION = "1.0.0"
+  end
+end

data/lib/omniauth/shootproof/client.rb

@@ -0,0 +1,59 @@
+require 'faraday'
+require 'logger'
+
+module OmniAuth
+  module Shootproof
+    class Client < ::OAuth2::Client # rubocop:disable Metrics/ClassLength
+      # Initializes an AccessToken by making a request to the token endpoint
+      #
+      # @param [Hash] params a Hash of params for the token endpoint
+      # @param [Hash] access token options, to pass to the AccessToken object
+      # @param [Class] class of access token for easier subclassing OAuth2::AccessToken
+      # @return [AccessToken] the initalized AccessToken
+      def get_token(params, access_token_opts = {}, access_token_class = ::OAuth2::AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        params = ::OAuth2::Authenticator.new(id, secret, options[:auth_scheme]).apply(params)
+        opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
+        headers = params.delete(:headers) || {}
+        if options[:token_method] == :post
+          opts[:params] = params
+          opts[:params].merge!(redirection_params)
+          opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
+        else
+          error = Error.new('Must Be POST')
+          raise(error)
+        end
+        opts[:headers].merge!(headers)
+        response = request(options[:token_method], token_url, opts)
+        if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
+          error = Error.new(response)
+          raise(error)
+        end
+        access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
+      end
+
+      # The redirect_uri parameters, if configured
+      #
+      # The redirect_uri query parameter is OPTIONAL (though encouraged) when
+      # requesting authorization. If it is provided at authorization time it MUST
+      # also be provided with the token exchange request.
+      #
+      # Providing the :redirect_uri to the OAuth2::Client instantiation will take
+      # care of managing this.
+      #
+      # @api semipublic
+      #
+      # @see https://tools.ietf.org/html/rfc6749#section-4.1
+      # @see https://tools.ietf.org/html/rfc6749#section-4.1.3
+      # @see https://tools.ietf.org/html/rfc6749#section-4.2.1
+      # @see https://tools.ietf.org/html/rfc6749#section-10.6
+      # @return [Hash] the params to add to a request or URL
+      def redirection_params
+        if options[:redirect_uri]
+          {:redirect_uri => options[:redirect_uri]}
+        else
+          {}
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/strategies/shootproof.rb

@@ -0,0 +1,85 @@
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    class Shootproof < OmniAuth::Strategies::OAuth2
+
+      # Give your strategy a name.
+      option :name, 'shootproof'
+      option :scope, 'sp.event.get_list sp.event.get_photos sp.photo.info'
+      option :provider_ignores_state, true
+
+      option :client_options, {
+        site: 'https://auth.shootproof.com',
+        authorize_url: '/oauth2/authorization/new',
+        token_url: '/oauth2/authorization/token',
+        token_method: :post
+      }
+
+      option :authorize_options, [:scope, :state, :code]
+      option :token_options,     [:scope, :state, :code]
+
+      # These are called after authentication has succeeded. If
+      # possible, you should try to set the UID without making
+      # additional calls (if the user id is returned with the token
+      # or as a URI parameter). This may not be possible with all
+      # providers.
+      uid{ raw_info[:token] }
+
+      info do
+        {
+          token: raw_info[:token],
+          refresh_token: raw_info[:refresh_token],
+          expires_at: raw_info[:expires_at],
+          expires_in: raw_info[:expires_in]
+        }
+      end
+
+      extra do
+        {
+          'raw_info' => raw_info
+        }
+      end
+
+      def raw_info
+        @raw_info ||= {
+          token:         access_token.token,
+          refresh_token: access_token.refresh_token,
+          expires_at: access_token.expires_at,
+          expires_in: access_token.expires_in
+        }
+      end
+
+    protected
+      def client
+        OmniAuth::Shootproof::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
+      end
+
+      def callback_url
+        full_host + script_name + callback_path
+      end
+
+      # Initializes an AccessToken by making a request to the token endpoint
+      #
+      # @param [Hash] params a Hash of params for the token endpoint
+      # @param [Hash] access token options, to pass to the AccessToken object
+      # @param [Class] class of access token for easier subclassing OAuth2::AccessToken
+      # @return [AccessToken] the initalized AccessToken
+      def get_token(params, access_token_opts = {}, access_token_class = ::OAuth2::AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        params = Authenticator.new(id, secret, options[:auth_scheme]).apply(params)
+        opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
+        headers = params.delete(:headers) || {}
+        opts[:params] = params
+        opts[:params].merge!(redirection_params)
+        opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
+        opts[:headers].merge!(headers)
+        response = request(options[:token_method], token_url, opts)
+        if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
+          error = Error.new(response)
+          raise(error)
+        end
+        access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
+      end
+    end
+  end
+end

data/omniauth-shootproof.gemspec

@@ -0,0 +1,23 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "omniauth-shootproof/version"
+
+Gem::Specification.new do |gem|
+  gem.add_dependency "omniauth-oauth2", "~> 1.4"
+
+  gem.add_development_dependency "bundler", "~> 1.0"
+
+  gem.authors       = ["Paul Scarrone", "Gary Newsome"]
+  gem.email         = ["paul@savvysoftworks.com", "gary@savvysoftworks.com"]
+  gem.description   = "OAuth2 Strategy for Shootproof based upon Omniauth-OAuth2."
+  gem.summary       = gem.description
+  gem.homepage      = "https://github.com/SavvySoftWorksLLC/omniauth-shootproof"
+  gem.licenses      = %w(MIT)
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").collect { |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "omniauth-shootproof"
+  gem.require_paths = %w(lib)
+  gem.version       = OmniAuth::Shootproof::VERSION
+end

data/spec/helper.rb

@@ -0,0 +1,18 @@
+$LOAD_PATH.unshift File.expand_path("..", __FILE__)
+$LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
+
+require "rspec"
+require "rack/test"
+require "webmock/rspec"
+require "omniauth"
+require "omniauth-oauth2"
+require "omniauth-shootproof"
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |c|
+    c.syntax = :expect
+  end
+  config.extend OmniAuth::Test::StrategyMacros, :type => :strategy
+  config.include Rack::Test::Methods
+  config.include WebMock::API
+end

data/spec/omniauth/strategies/shootproof_spec.rb

@@ -0,0 +1,81 @@
+require "helper"
+
+describe OmniAuth::Strategies::OAuth2 do
+  def app
+    lambda do |_env|
+      [200, {}, ["Hello."]]
+    end
+  end
+  let(:fresh_strategy) { Class.new(OmniAuth::Strategies::OAuth2) }
+
+  before do
+    OmniAuth.config.test_mode = true
+  end
+
+  after do
+    OmniAuth.config.test_mode = false
+  end
+
+  describe "#client" do
+    subject { fresh_strategy }
+
+    it "is initialized with symbolized client_options" do
+      instance = subject.new(app, :client_options => {"authorize_url" => "https://example.com"})
+      expect(instance.client.options[:authorize_url]).to eq("https://example.com")
+    end
+
+    it "sets ssl options as connection options" do
+      instance = subject.new(app, :client_options => {"ssl" => {"ca_path" => "foo"}})
+      expect(instance.client.options[:connection_opts][:ssl]).to eq(:ca_path => "foo")
+    end
+  end
+
+  describe "#authorize_params" do
+    subject { fresh_strategy }
+
+    it "includes any authorize params passed in the :authorize_params option" do
+      instance = subject.new("abc", "def", :authorize_params => {:foo => "bar", :baz => "zip"})
+      expect(instance.authorize_params["foo"]).to eq("bar")
+      expect(instance.authorize_params["baz"]).to eq("zip")
+    end
+
+    it "includes top-level options that are marked as :authorize_options" do
+      instance = subject.new("abc", "def", :authorize_options => [:scope, :foo, :state], :scope => "bar", :foo => "baz")
+      expect(instance.authorize_params["scope"]).to eq("bar")
+      expect(instance.authorize_params["foo"]).to eq("baz")
+    end
+
+    it "includes random state in the authorize params" do
+      instance = subject.new("abc", "def")
+      expect(instance.authorize_params.keys).to eq(["state"])
+      expect(instance.session["omniauth.state"]).not_to be_empty
+    end
+  end
+
+  describe "#token_params" do
+    subject { fresh_strategy }
+
+    it "includes any authorize params passed in the :authorize_params option" do
+      instance = subject.new("abc", "def", :token_params => {:foo => "bar", :baz => "zip"})
+      expect(instance.token_params).to eq("foo" => "bar", "baz" => "zip")
+    end
+
+    it "includes top-level options that are marked as :authorize_options" do
+      instance = subject.new("abc", "def", :token_options => [:scope, :foo], :scope => "bar", :foo => "baz")
+      expect(instance.token_params).to eq("scope" => "bar", "foo" => "baz")
+    end
+  end
+
+  describe "#callback_phase" do
+    subject { fresh_strategy }
+    it "calls fail with the client error received" do
+      instance = subject.new("abc", "def")
+      allow(instance).to receive(:request) do
+        double("Request", :params => {"error_reason" => "user_denied", "error" => "access_denied"})
+      end
+
+      expect(instance).to receive(:fail!).with("user_denied", anything)
+      instance.callback_phase
+    end
+  end
+end

metadata

@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-shootproof
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Paul Scarrone
+- Gary Newsome
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-06-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: OAuth2 Strategy for Shootproof based upon Omniauth-OAuth2.
+email:
+- paul@savvysoftworks.com
+- gary@savvysoftworks.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.md
+- README.md
+- Rakefile
+- lib/omniauth-shootproof.rb
+- lib/omniauth-shootproof/version.rb
+- lib/omniauth/shootproof/client.rb
+- lib/omniauth/strategies/shootproof.rb
+- omniauth-shootproof.gemspec
+- spec/helper.rb
+- spec/omniauth/strategies/shootproof_spec.rb
+homepage: https://github.com/SavvySoftWorksLLC/omniauth-shootproof
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.12
+signing_key: 
+specification_version: 4
+summary: OAuth2 Strategy for Shootproof based upon Omniauth-OAuth2.
+test_files:
+- spec/helper.rb
+- spec/omniauth/strategies/shootproof_spec.rb